File Maelstrom-security.patch of Package Maelstrom

--- controls.cpp
+++ controls.cpp
@@ -83,7 +83,7 @@
 	if ( fname ) {
 		*fname = datafile;
 	}
-	sprintf(datafile,  "%s"DIR_SEP"%s", home, MAELSTROM_DATA);
+	snprintf(datafile, sizeof(datafile),  "%s"DIR_SEP"%s", home, MAELSTROM_DATA);
 	if ( (data=fopen(datafile, mode)) == NULL )
 		return(NULL);
 	return(data);
--- maclib/macres.cpp
+++ maclib/macres.cpp
@@ -58,7 +58,7 @@
 				ids[j], res->ResourceName(types[i], ids[j]));
 			if ( argv[2] ) {
 				char path[23];
-				sprintf(path,"%s/%s:%hu", argv[2],
+				snprintf(path, sizeof(path),"%s/%s:%hu", argv[2],
 							types[i], ids[j]);
 				FILE *output;
 				Mac_ResData *D;
--- myerror.cpp
+++ myerror.cpp
@@ -16,7 +16,7 @@
 	va_list ap;
 
 	va_start(ap, fmt);
-	vsprintf(mesg, fmt, ap);
+	vsnprintf(mesg, sizeof(mesg), fmt, ap);
 	fputs(mesg, stderr);
 	va_end(ap);
 }
@@ -27,7 +27,7 @@
 	va_list ap;
 
 	va_start(ap, fmt);
-	vsprintf(mesg, fmt, ap);
+	vsnprintf(mesg, sizeof(mesg), fmt, ap);
 	fputs(mesg, stdout);
 	va_end(ap);
 }
@@ -37,10 +37,10 @@
 	char buffer[BUFSIZ];
 
 	if ( *msg ) {
-		sprintf(buffer, "%s: %s\n", msg, strerror(errno));
-		error(buffer);
+		snprintf(buffer, sizeof(buffer), "%s: %s\n", msg, strerror(errno));
+		error("%s", buffer);
 	} else
-		error((char *)strerror(errno));
+		error("%s", (char *)strerror(errno));
 }
 
 #endif /* _myerror_h */
--- netlogic/game.cpp
+++ netlogic/game.cpp
@@ -852,7 +852,7 @@
 
 		hScores[which].wave = gWave;
 		hScores[which].score = OurShip->GetScore();
-		strcpy(hScores[which].name, handle);
+		strncpy(hScores[which].name, handle,sizeof(hScores[which].name)-1)[sizeof(hScores[which].name)-1] = 0;
 
 		sound->HaltSound();
 		sound->PlaySound(gGotPrize, 6);
--- netscore.cpp
+++ netscore.cpp
@@ -59,7 +59,7 @@
 
 	/* Send the scores */
 	crc = get_checksum(key, KEY_LEN);
-	sprintf(netbuf, SCOREFMT, crc, high.name, high.score, high.wave);
+	snprintf(netbuf, sizeof(netbuf), SCOREFMT, crc, high.name, high.score, high.wave);
 	SDLNet_TCP_Send(remote, netbuf, strlen(netbuf));
 	n = SDLNet_TCP_Recv(remote, netbuf, 1024);
 	if ( n > 0 ) {
--- screenlib/SDL_FrameBuf.cpp
+++ screenlib/SDL_FrameBuf.cpp
@@ -628,7 +628,7 @@
 
 		found = 0;
 		for ( which=0; !found; ++which ) {
-			sprintf(file, "%s%d.bmp", prefix, which);
+			snprintf(file, sizeof(file), "%s%d.bmp", prefix, which);
 			if ( ((fp=fopen(file, "r")) == NULL) &&
 			     ((fp=fopen(file, "w")) != NULL) ) {
 				found = 1;